Greetings,
I’m wondering if it might be a good idea to build a separate Graylog instance, just for collecting logs from Windows Desktops with nxlog.
Is anyone already doing this, or can someone share any possible pros and cons associated with this?
Thanks very much, in advance.
If you would go with the nxlog community edition - you might want to switch over to winlogbeat from elastic to collect the information into Graylog.
I have written this blog post that give you some information on this topic:
https://www.graylog.org/post/back-to-basics-enhance-windows-security-with-sysmon-and-graylog
Thank you very much.
I will look into this and let you know how it goes.
You can use the WEF framework. See for example this: https://docs.microsoft.com/en-us/windows/desktop/wec/windows-event-collector and this: https://docs.microsoft.com/en-us/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
